Use integrated identity information to create and manage identities and control access to enterprise resources. We provide identity and access management, single sign-on (SSO), access governance, and more.

Detect and respond to all potential threats quickly and decisively. By monitoring user activities, security events, and critical systems, we provide actionable security intelligence to reduce the risk of data breach.

Troubleshooting Tomcat behind iChain

Problem

A Forum reader recently asked:

“I have an old Apache Tomcat 4.0.6 server that runs behind iChain. Sometimes it stops responding if I call it through iChain. But it still runs fine if I call it directly with the localhost address. It seems like iChain doesn’t have any connection to Tomcat. If I restart my Tomcat service, all things are good until it runs out again. I’m not a network expert or Ichain expert – maybe it’s just a configuration setting that prevents Tomcat from releasing the connection?”

And here’s the response from Ryan Seale …

Solution

I run a few applications behind iChain on Tomcat and JBOSS. I run a password application, NetStorage, and Extend on JBOSS.

The only things I’ve done on iChain in the configuration is to go into the management configuration, enable the PIN list, and set the Tomcat accelerator addresses to “bypass”.

There are a few troubleshooting things you can try. When you notice the problem, try purging your iChain cache from the Actions page. This will give you an idea if turning off caching on the accelerator will fix it.

If this fails, I would unlock the console and go into debug mode. From there, you can try pinging the Tomcat box. It will allow you to ping port numbers too; this is pretty helpful in establishing if you’re being rejected for some reason. If so, you may want to change the
number of connections or the timeout/keep-alive settings on the Tomcat box.

(0 votes, average: 0.00 out of 5)You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.